CVE-2018-3968

Name of the Vulnerable Software and Affected Versions Das U-Boot versions 2013.07-rc1 through 2014.07-rc2

Description A security issue exists in the verified boot protection of Das U-Boot, where the affected versions lack proper FIT signature enforcement. This allows an attacker to bypass the verified boot and execute an unsigned kernel embedded in a legacy image format. To exploit this, a local attacker must be able to supply the image to boot.

Recommendations For Das U-Boot versions 2013.07-rc1 through 2014.07-rc2, consider implementing proper FIT signature enforcement to prevent unsigned kernels from being executed. As a temporary workaround, restrict access to the boot process to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.